CYBERSECURITY PROTOCOLS POLICY

Effective Date: 02 June 2025
Applies To: All employees, contractors, vendors, and any third parties with access to company systems and data

1. PURPOSE

This policy outlines the cybersecurity protocols adopted by MPLATS ENTERPRISE (PTY) LTD to protect the confidentiality, integrity, and availability of digital assets, systems, and sensitive information from unauthorized access, data breaches, and cyber threats.

2. SCOPE

Applies to:

• All hardware and software systems connected to the Mototolo network

• Email, cloud, internet, and internal applications

• All employees, service providers, and partners accessing digital platforms

3. SECURITY RESPONSIBILITIES

• IT Department: Oversees cybersecurity systems, monitoring, and response

• All Employees: Must follow safe computing practices and report any suspicious activity immediately

• Vendors/Contractors: Must comply with Mototolo’s cybersecurity standards and sign IT confidentiality agreements

4. USER ACCESS CONTROLS

• Each user will receive a unique ID and password

• Multi-factor authentication (MFA) is mandatory for all system logins

• Access to systems is granted based on job function (principle of least privilege)

• Shared accounts are prohibited unless specifically authorized

5. PASSWORD POLICY

• Minimum 12 characters; must include letters, numbers, and special characters

• Passwords must be updated every 90 days

• Reuse of previous 5 passwords is prohibited

• Do not share passwords via email or written notes

6. NETWORK SECURITY

• Only authorized devices may connect to the MPLATS network

• Public Wi-Fi access must use company VPN for protection

• All devices must have updated antivirus and endpoint protection software

7. EMAIL & PHISHING AWARENESS

• Do not click unknown links or open attachments from unverified sources

• Always verify email sender authenticity before acting on requests

• Report phishing attempts immediately to: security@mplats.co.za

8. DATA PROTECTION & ENCRYPTION

• All confidential and sensitive information must be encrypted in storage and transmission

• USB devices are restricted and must be encrypted if authorized

• Cloud storage platforms must be pre-approved by IT before use

9. INCIDENT RESPONSE PLAN

In the event of a suspected cyber incident:

• Notify the IT Department immediately at incident@mplats.co.za

• Avoid altering or deleting any files associated with the breach

• Follow instructions from the Cybersecurity Response Team (CSRT)

10. SOFTWARE & PATCH MANAGEMENT

• Only licensed software approved by IT is allowed

• Auto-updates must remain enabled

• Unauthorized installations are strictly prohibited

11. REMOTE WORK SECURITY

• Remote users must connect using VPN and company-issued devices

• Home networks must have password-protected routers

• Avoid working in unsecured public environments when accessing sensitive systems

12. TRAINING & AWARENESS

• All staff must complete annual cybersecurity awareness training

• Quarterly phishing simulations and refresher sessions will be held

13. POLICY VIOLATION

Failure to comply may result in:

• Restricted access

• Disciplinary action

• Legal prosecution in cases of gross negligence or malicious behavior

14. CONTACT & SUPPORT

IT Security Officer
Email: security@mplats.co.za
Tel: 013 516 0549